Privacy Policy

Our Website Policy

The information notice is a general obligation that must be fulfilled before or at the latest when starting the direct collection of personal data. In the case of personal data not collected directly from the data subject, the information notice must be provided within a reasonable time, or at the time the data is communicated (not recorded), whether to third parties or the data subject. Pursuant to the General Data Protection Regulation (GDPR – Reg. (EU) 2016/679), the organization, as the data controller, provides the following information:

SOURCES AND CATEGORIES OF PERSONAL DATA

The personal data in possession of this organization are collected directly from the data subjects. This site also collects sensitive data, including those that may reveal racial or ethnic origin, religious, philosophical or other beliefs, political opinions, trade union membership, as well as data concerning health or sexual orientation.

Browsing Data

The computer systems and software procedures used to operate this website acquire, during their normal operation, some personal data whose transmission is implicit in the use of Internet communication protocols. This information is not collected to be associated with identified individuals but, by its very nature, could, through processing and association with data held by third parties, allow users to be identified. This category of data includes IP addresses or domain names of computers used by users who connect to the site, URI (Uniform Resource Identifier) addresses of requested resources, time of the request, method used to submit the request to the server, size of the file obtained in response, numeric code indicating the status of the response from the server (successful, error, etc.), and other parameters related to the user’s operating system and computer environment. This data is used solely to obtain anonymous statistical information about the site usage and to ensure its proper functioning and is deleted immediately after processing. The data may be used to ascertain responsibility in case of hypothetical computer crimes against the site.

Profiling Data

Profiling data regarding the data subject’s habits or consumption choices are not directly acquired. However, such information may be collected by third parties via links or embedded elements. See the section on third-party cookies for more information.

Cookies

Like others, this website saves cookies in the user’s browser to transmit personal information and enhance their experience. Cookies are small text strings sent by visited websites to the user’s device (usually to the browser), where they are stored — sometimes persistently — and then retransmitted to the same websites on subsequent visits.
As explained below, it is possible to choose whether and which cookies to accept. Refusing cookies may impact the ability to perform certain transactions on the site, the accuracy of some personalized content, or the ability to recognize the user between visits. If no choice is made, the default settings will apply and all cookies will be enabled; however, it is always possible to change your preferences at any time.

Technical Cookies

Specifically, session cookies are used, which are not stored permanently on the user’s computer and disappear when the browser is closed. Their use is strictly limited to transmitting session identifiers (random numbers generated by the server) necessary to enable secure and efficient site browsing. These avoid using other IT techniques that could compromise user privacy and do not allow the acquisition of personally identifiable data. Analytics cookies are also used to understand how visitors interact with site content, collecting anonymous statistical data (e.g., geographic origin, web source, technology, language, entry/exit pages, time spent, etc.) without identifying individual users. All these are considered technical cookies, for which no consent is required, and the opt-out mechanism applies. These cookies are not shared with third parties and are processed only by staff classified as data processors, data handlers, or system administrators.

Third-Party Cookies

This site incorporates cookies and other elements (tags, pixels, etc.) from third parties (independent controllers) who may also engage in profiling activities. Please refer to their respective sites:

https://www.google.com/policies/technologies/cookie/
https://www.facebook.com/about/privacy/cookie
http://www.addthis.com/privacy

Data Voluntarily Provided by the User

The voluntary, explicit, and optional sending of emails to the addresses listed on this site involves the subsequent acquisition of the sender’s address, necessary to respond to requests, as well as any other personal data included in the message. Likewise, submitting forms on the site containing the data subject’s information involves processing to fulfill pre-contractual obligations or provide the requested services. These forms may include personal, contact, telephone, email data of the user or third parties related to the user. Summary privacy notices will be displayed on pages dedicated to specific services upon request.

Payments and Donations

The payment system involves sharing some data with the service provider bank (PayPal, Banca Sella, etc.). The data provided by the user are optional; however, some (name, surname, email) are essential, while others are optional (notes, reason, etc.). Consent is required to publish donor information in the official list.

E-commerce

This refers to data processed for managing shopping carts, orders, and registered user profiles, including personal information, addresses, purchase details, notes, etc.
Personal data may be processed by third parties (delivery services, mailing, data entry) for managing orders and purchases; participating in loyalty programs; generating anonymous statistics on shopping behavior; and sending advertising related to products and offers via email or SMS.

Appointments

The system, upon registration, allows users to book appointments for available services.

Reserved Area

Information (texts, videos, and images) uploaded by the user in the reserved area is protected by encryption and authentication systems and is accessible only to authorized users, the data subjects themselves, and/or intermediaries involved. This data is not subject to dissemination.

PURPOSES AND LEGAL BASES OF PROCESSING

Personal data are used (ref. Art. 6(b) GDPR):

to enable site navigation and
possibly to provide the service requested as part of the normal activities of the organization (ATECO code and description…).
Furthermore, all personal data may be processed:

for compliance with legal obligations (ref. Art. 6(c) and 9(b,g,h) GDPR);
to establish, exercise, or defend legal claims (legitimate interest) of the organization (ref. Art. 6(f) and 9(f) GDPR);
for direct marketing purposes under the data controller’s legitimate interest, including use of cookies, advertising IDs, newsletters, navigation logs for cybersecurity; in such cases, the data subject may always deny consent, and processing will not take place (Art. 6(f) GDPR);
for purposes subject to consent, such as subscribing to the newsletter, promotional messages, satisfaction surveys, or third-party marketing communications (Art. 6(a) GDPR);
with consent, in the case of sensitive data (Art. 9(a) GDPR);
with consent, for profiling (Art. 6(a) GDPR);
etc.

CONSEQUENCES OF REFUSAL TO PROVIDE DATA

Providing personal data collected from the data subject is optional but essential for processing purposes under points a) and b). Failure to provide such data will prevent the delivery of services and fulfillment of contractual obligations, potentially resulting in non-compliance with legal obligations (e.g., accounting, taxation, administration, etc.).

Other than browsing data, the user is free to provide personal data via cookies or specific requests through forms (e.g., products/services). Failure to provide such data may make it impossible to meet the request.

For all non-essential data, including sensitive ones, consent is optional. Failure to provide or incorrect provision of such data may hinder compliance or lead to penalties or missed benefits. The organization is exempt from liability for any resulting sanctions.

DATA PROCESSING METHODS

Processing related to website services is carried out using automated tools for the time strictly necessary to achieve the purposes for which the data was collected. Data is processed on servers in Italy or the EU, managed by authorized technical staff or maintenance personnel. Specific security measures are in place to prevent data loss, unlawful use, unauthorized access, and confidentiality breaches. The structure includes intrusion detection systems, firewalls, logs, and disaster recovery. Data encryption, segregation, and user authentication systems are used.
Processing includes collection, registration, organization, storage, modification, deletion, destruction, or any combination thereof. Data is processed manually and electronically for purposes stated above, ensuring security and confidentiality in accordance with Art. 5 of EU Reg. 2016/679. The organization continues to enhance its data protection systems.
No automated decision-making process (e.g., profiling) is carried out. ALTERNATIVELY: If such a process is carried out, information on logic used and consequences must be disclosed.

TRANSFERS OUTSIDE THE EU

Data is processed in non-EU/EEA countries when users access the site from those locations. Processing may also occur in such countries where the site’s servers are located to ensure operational efficiency while respecting data subject rights. A list of non-EU countries involved in data transfers follows.

DATA RETENTION PERIOD

Personal data will be retained for as long as necessary to fulfill the purposes based on the category of processed data.

CATEGORIES OF RECIPIENTS

Only essential data are disclosed

to internal and external data processors and handlers performing specific tasks (e.g., site admin, data analytics, email/forms handling, e-commerce order processing, etc.)
to parties specified by law
Data will not be disclosed unless required by law or anonymized. Without the general consent for third-party disclosures, only services that do not involve such disclosures will be available. Specific consent will be requested where necessary, and recipients will act as independent controllers.

In exceptional cases (not routine for this site), authorities may request data for inspection purposes. Failure to respond may result in administrative penalties.

DATA SUBJECT RIGHTS

At any time, you may exercise your rights (access, rectification, erasure, restriction, portability, objection, absence of automated decision-making) under Articles 15–22 of the GDPR; file a complaint with the Data Protection Authority (www.garanteprivacy.it); and revoke previously given consent (without affecting the lawfulness of prior processing).

Disabling Cookies

Most browsers allow cookie management to respect user preferences. Some allow per-site cookie settings or private browsing modes where cookies are deleted upon exit.
Refer to these guides for cookie management in your browser:

Chrome: https://support.google.com/chrome/answer/95647?hl=it
Firefox: https://support.mozilla.org/it/kb/Gestione%20dei%20cookie
Internet Explorer 11: http://windows.microsoft.com/it-it/windows-vista/block-or-allow-cookie
Safari: http://support.apple.com/kb/HT1677?viewlocale=it_IT

CONTACT DETAILS

The data controller is Società Agricola Lo Scoppio ss, with registered office at xxxxx; phone xxxxx; email xxxxx.